CISM Information Security Program • Complete Question Bank
Complete CISM Information Security Program question bank — all 0 questions with answers and detailed explanations.
Refer to the exhibit.
```
[SYN]            12:01:00.001 192.168.1.10:12345 -> 10.0.0.1:80
[SYN-ACK]        12:01:00.002 10.0.0.1:80 -> 192.168.1.10:12345
[ACK]            12:01:00.003 192.168.1.10:12345 -> 10.0.0.1:80
[GET /index.html] 12:01:00.004 192.168.1.10:12345 -> 10.0.0.1:80
[SYN]            12:01:00.005 192.168.1.11:23456 -> 10.0.0.1:80
[SYN-ACK]        12:01:00.006 10.0.0.1:80 -> 192.168.1.11:23456
[ACK]            12:01:00.007 192.168.1.11:23456 -> 10.0.0.1:80
[GET /login.php] 12:01:00.008 192.168.1.11:23456 -> 10.0.0.1:80
[SYN]            12:01:00.009 192.168.1.12:34567 -> 10.0.0.1:80
[SYN-ACK]        12:01:00.010 10.0.0.1:80 -> 192.168.1.12:34567
[ACK]            12:01:00.011 192.168.1.12:34567 -> 10.0.0.1:80
[GET /admin.php] 12:01:00.012 192.168.1.12:34567 -> 10.0.0.1:80
```
Match each information security program component to its primary focus area.
Components:
1. Risk Assessment
2. Security Awareness Training
3. Incident Response Plan
4. Policy Framework
Focus Areas:
A. Human factors and behavior
B. Structured response to events
C. Identification and analysis of threats
D. Governance and compliance requirements
Drag each component to its matching focus area.
Match each concept to its description.
- Establish and maintain a framework to align security with business objectives
- Identify and manage information risk to achieve business objectives
- Design and implement a security program to manage risk
- Plan and manage the incident response process
- Oversee and improve the security program's performance
Match each concept to its description.
- Specify requirements for an ISMS
- Provide risk-based guidance for critical infrastructure
- Govern and manage enterprise IT
- Align IT services with business needs
- Protect cardholder data
Match each concept to its description.
- Senior executive responsible for security strategy
- Oversees daily security operations and team
- Designs security infrastructure and controls
- Evaluates compliance and effectiveness of controls
- Executes incident response procedures
Refer to the exhibit.
```
[Policy: BYOD]
Version: 2.0
Last Review: 2024-01-15
- Employees may connect personal devices to corporate network.
- Devices must be registered with MDM.
- All devices must have full disk encryption enabled.
- Devices must run the latest OS version within 30 days of release.
- Containers for corporate data are required.
- Non-compliant devices will be blocked after 7 days grace period.
```
Refer to the exhibit.
```
Event Log: SIEM Alert #4521
Timestamp: 2024-08-15 14:23:45 UTC
Rule: Failed login attempts > 5 in 10 minutes
Source IP: 203.0.113.5
Target: User 'admin' on server DC-01
Count: 12 attempts
Status: Alert generated, no automated action
Comment: IP belongs to external VPN broker
```
Refer to the exhibit.
```
Risk Register Entry:
ID: RR-102
Risk: Data loss from unencrypted laptops
Current Controls: Full disk encryption policy (not enforced)
Likelihood: 3 (Medium)
Impact: 5 (Very High)
Risk Score: 15
Proposed Control: Enforce encryption via MDM
Residual Risk after control: 3 (Low)
```
Refer to the exhibit.
Exhibit:
```
access-list 100 deny ip any 10.0.0.0 0.255.255.255
access-list 100 permit tcp 192.168.1.0 0.0.0.255 host 10.0.0.5 eq 80
access-list 100 deny ip any any
```
The ACL is applied inbound on the external interface of the border router.
Refer to the exhibit.
Exhibit:
```
{
  "securityControls": {
    "firewall": {
      "state": "active",
      "rules": [
        {"action": "allow", "src": "any", "dst": "web-servers", "port": 443},
        {"action": "allow", "src": "web-servers", "dst": "db-servers", "port": 3306},
        {"action": "deny", "src": "any", "dst": "any", "port": "any"}
      ]
    },
    "intrusionDetection": {
      "state": "active",
      "signatures": ["critical", "high"],
      "action": "alert"
    },
    "vendorBaseline": "CIS Level 1"
  }
}
```
This JSON policy is for a web application environment. The db-servers network is considered internal.
Refer to the exhibit.
Exhibit: Network Architecture Description
The network consists of three zones: External, DMZ, and Internal. The external interface connects to the internet. The DMZ hosts public-facing web servers and an email relay. The internal zone hosts database servers and application servers. A firewall separates External from DMZ, and another firewall separates DMZ from Internal. The firewall rules are:
- External to DMZ: allow HTTP, HTTPS, SMTP.
- DMZ to Internal: allow MySQL (3306) from web servers to database servers, and allow LDAP (389) from application servers to domain controllers.
- Internal to External: allow outbound HTTP/HTTPS from application servers.
- All other traffic is denied.
The IDS is placed on the DMZ segment, monitoring traffic between DMZ and Internal. The IDS signatures include critical, high, and medium severity, and the action is 'alert and log'.
CISO Quarterly Report:
- Patch Compliance (30-day window): 85%
- Critical Vulnerability Remediation (48h): 95%
- High-Risk Vulnerability Remediation (60-day): 88%
- Risk Acceptance: 3% of findings
- Incident Response Plan Test: Annual, last test 14 months ago.
Access Control Policy:
- Users must be provisioned within 24 hours of request.
- Access reviews are conducted quarterly.
- Privileged accounts require manager approval.
- Default deny for all new accounts.
- Audit logs retained for 90 days.
Security Program Dashboard:
- Patch Compliance (30-day window): 85%
- Critical Vulnerability Remediation (48h): 95%
- High-Risk Vulnerability Remediation (60-day): 88%
- Risk Acceptance: 3% of findings
- Incident Response Plan Test: Annual, last test 14 months ago.
Refer to the exhibit.
Suspicious Activity Log:
Timestamp: 2025-03-21 14:32:15 UTC
Event ID: 5678
Source IP: 192.168.1.50
User: jdoe
Action: File download
File: payroll_encrypted.xlsx
Status: Failed - Encryption key not found
Additional Info: Downloaded using HTTPS from external IP 203.0.113.45